We have been alerted to a fun tool, a DJI DroneID spoofer software for ESP8266/ESP32 and some other popular MCUs. Last year, we’ve told you about DJI DroneID — a technology DJI added to their drones, which broadcasts data including the drone operator’s GPS position, which, in turn, appears to have resulted in Ukrainian casualties in the Ukraine war. The announcement tweet states that DJI has added mechanisms from downgrading firmware. Hence, the spoofer.
There’s no other hardware needed, well other than an ESP8266 or ESP32 devboard, anyway. After the break you can find a video tutorial from [Joshua Bardwell] that shows you how to upload the code using Arduino IDE, and even going through coordinate tweaks. If you ever reminisced about the concept of throwies and were wondering what kind of useful, well, there’s your answer: clone the Git repo, compile it, program some interesting coordinates in, and witness the imaginary drones fly.
All in all, we get a lovely addition to our shenanigan toolkits. Surely, someone could use a neural network to distinguish real drones from fake ones, but it’s nothing that can’t be solved with a bit of code. Looking for a less daring hack? Well, you can always add some automation to your DJI drone by poking at the RGB LED signals.
Back when commercial quadcopters started appearing in the news on the regular, public safety was a talking point. How, for example, do we keep them away from airports? Well, large drone companies didn’t want the negative PR, so some voluntarily added geofencing and tracking mechanisms to their own drones.
When it comes to DJI, one such mechanism is DroneID: a beacon on the drone itself, sending out a trove of data, including its operator’s GPS location. DJI also, of course, sells the Aeroscope device that receives and decodes DroneID data, declared to be for government use. As it often is with privacy-compromising technology, turns out it’s been a bigger compromise than we expected.
Questions started popping up last year, as off-the-shelf quadcopters (including those made by DJI) started to play a part in the Russo-Ukrainian War. It didn’t take long for Ukrainian forces to notice that launching a DJI drone led to its operators being swiftly attacked, and intel was that Russia got some Aeroscopes from Syria. DJI’s response was that their products were not meant to be used this way, and shortly thereafter cut sales to both Russia and Ukraine.
But security researchers have recently discovered the situation was actually worse than we expected. Back in 2022, DJI claimed that the DroneID data was encrypted, but [Kevin Finisterre]’s research proved that to be a lie — with the company finally admitting to it after Verge pushed them on the question. It wouldn’t even be hard to implement a worse-than-nothing encryption that holds up mathematically. However, it seems, DroneID doesn’t even try: here’s a GitHub repository with a DroneID decoder you can use if you have an SDR dongle.
The rise of smartphone and smartwatch fitness tracking has been an absolute boon for anyone interested in tracking their runs. However, it all falls short when you need a custom feature and start getting into serious long distance running, as most smartphone batteries simply won’t last. While there are devices out there for the ultra-running enthusiast, [Ivor Hewitt] decided he wasn’t willing to pay a monthly subscription for the pricy trackers or deal with the hassle of the generic cheap versions, and decided to roll his own.
The key pieces of this project are the A9G GPS module and the RDA8955 GRS/GPRS module. They’re both incredibly small and power efficient, perfect for a project that needs to be worn on your person with a long battery life. As an added bonus, the RDA8955 also includes a SoC that’s user-programmable. After battling the lackluster documentation and tooling, [Ivor] managed to get some software running on his new system. A power bug on the A9G GPS module was potentially show stopping, but thanks to some help by folks in the community, it was diagnosed and solved.
Further additions included adding a proper charging circuit (TP4056) and a beefy 2600 mAh battery scavenged from a Sony smartphone, giving the compact system around 38 hours of active battery life. An OLED screen was added to show upcoming aid stations and overall system status, driven by a custom display library. A snazzy translucent case makes the whole device slim and easy to carry. Now at the end of a long race or training session, [Ivor] has a wealth of tracked points that has already been uploaded to his own tracking website and a fully charged phone.
Next time you’re looking for a small compact GPS tracker or cellular logger take a look at this project’s code on GitHub or the A9G and RDA8955 modules.
About a year ago, Zachary McCoy took a bike ride around his neighborhood in Gainesville, Florida. It may have been forgettable to him, but not to history. Because McCoy used an app to track his mileage, the route was forever etched in the Google-verse and attached to his name.
On the day of this ill-fated bike ride, McCoy passed a certain neighbor’s house three times. While this normally wouldn’t raise alarm, the neighbor happened to be the victim of a burglary that day, and had thousands of dollars worth of jewelry stolen. The Gainesville police had zero leads after a four-day investigation, so they went to the county to get a geofence warrant. Thanks to all the location data McCoy had willingly generated, he became the prime suspect.
Have you ever taken a look at all the information that Google has collected about you over all these years? That is, of course, assuming you have a Google account, but that’s quite a given if you own an Android device and have privacy concerns overruled by convenience. And considering that GPS is a pretty standard smartphone feature nowadays, you shouldn’t be surprised that your entire location history is very likely part of the collected data as well. So unless you opted out from an everchanging settings labyrinth in the past, it’s too late now, that data exists — period. Well, we might as well use it for our own benefit then and visualize what we’ve got there.
Location data naturally screams for maps as visualization method, and [luka1199] thought what would be better than an interactive Geo Heatmap written in Python, showing all the hotspots of your life. Built around the Folium library, the script reads the JSON dump of your location history that you can request from Google’s Takeout service, and overlays the resulting heatmap on the OpenStreetMap world map, ready for you to explore in your browser. Being Python, that’s pretty much all there is, which makes [Luka]’s script also a good starting point to play around with Folium and map visualization yourself.
While simply just looking at the map and remembering the places your life has taken you to can be fun on its own, you might also realize some time optimization potential in alternative route plannings, or use it to turn your last road trip route into an art piece. Just, whatever you do, be careful that you don’t accidentally leak the location of some secret military facilities.
How do you audit your home Wi-Fi network? Perhaps you log into your router and have a look at the connected devices. Sometimes you’ll find an unexpected guest, but a bit of detective work will usually lead you to the younger nephew’s game console or that forgotten ESP8266 on your bench.
Wouldn’t it be useful if your router could tell you where all the devices connected to it are? If you are [Zack Scholl], you can do all this and more, for his FIND-LF system logs Wi-Fi probe requests from all Wi-Fi devices within its range even if they are not connected, and triangulates their position from their relative signal strengths across several sniffing receivers. These receivers are a network of Raspberry Pis with their own FIND-LF server, and any probe requests they pick up are forwarded to [Zack]’s FIND server (another of his projects) which does the work of collating the locations of devices.
It’s an impressive piece of work, though with a Raspberry Pi at each receiver it could get a little pricey. [Zack] has done other work in this field aside from the two projects mentioned here, his other work includes an implementation of the [Harry Potter] Marauder’s Map.
GPS-based location services will be around with us forever. If you’re in the outback, in the middle of the ocean, or even just in a neighborhood that doesn’t have good cell coverage, there’s no better way to figure out where you are than GPS. Using satellites orbiting thousands of miles above the Earth as a location service is an idea that breaks down at some very inopportune times. If you’re in a parking garage, you’re not using GPS to find your car. If you’re in a shopping mall, the best way to find your way to a store is still a map. Anyone every tried to use GPS and Google Maps in the hotel/casino labyrinth that is the Las Vegas strip?
[Blecky]’s entry for the Best Product competition of the Hackaday Prize aims to solve this problem. It’s an indoor location service using only cheap WiFi modules called SubPos. With just a few ESP8266 modules, [Blecky] can set up a WiFi positioning system, accurate to half a meter, that can be used wherever GPS isn’t.
The idea for a GPS-less positioning system came to [Blecky] after a caving expedition and finding navigation though subterranean structures was difficult without the aid of cell coverage and GPS. This got [Blecky] thinking what would be required to build a positioning service in a subterranian environment.
A SubPos node, equipped with an ESP8266 WiFi module
The answer to this question came in the form of a cheap WiFi module. Each of the SubPos nodes are encoded with the GPS coordinates of where they’re placed. By transmitting this location through the WiFi Beacon Frame, along with the transmitted power, any cell phone can use three or more nodes to determine its true location, down to a few centimeters. All of this is done without connecting to a specific WiFi network; it’s a complete hack of the WiFi standard to allow positioning data.
The most shallow comparison to an existing geolocation system would be a WiFi positioning system (WPS), but there are several key differences. In WPS, the WiFi APs don’t transmit their own location; the AP is simply cross-referenced with GPS coordinates in a database. Secondly, APs do not transmit their own transmit power – important if you’re using RSSI to determine how far you are from an Access Point.
The best comparison to an indoor location service comes from a new Decawave module that sets up ‘base stations’ and figures out a sensor’s location based on time of flight. This, however, requires additional radios for each device receiving location data. SubPos only requires WiFi, and you don’t even need to connect to an AP to get this location data; everything is broadcast as a beacon frame, and every device with WiFi detects a SubPos node automatically.
As an entry to the Hackaday Prize Best Product competition, there is an inevitable consideration as to how this product will be marketed. The applications for businesses are obvious; shopping malls could easily build a smartphone app showing a user exactly where in the mall they are, and provide directions to The Gap or one of the dozens of GameStops in the building. Because the SubPos nodes also work in 3D space, parking garage owners could set up a dozen or so SubPos nodes to direct you to your exact parking spot. Disney, I’m sure, would pay through the nose to get this technology in their parks.
Already [Blecky] is in talks with one company that would like to license his technology, but he’s not focused only on the high-dollar business accounts. He already has a product that needs manufacturing, and if he wins the Best Product competition, he will be working on something for the hacker/homebrew market. The price point [Blecky] sees is around $15 a node. The economics of this work with the ESP WiFi module, but [Blecky] is also looking at alternative chip sets that would allow for more than just RSSI position finding; an improved version of the SubPos node not based on the ESP-8266 could bring time of flight into the mix, providing better position accuracy while still being cheaper to manufacture than the current ESP-based solution.
[Blecky] has a great project on his hands here, and something we will, undoubtedly, see more of in the future. The idea of using WiFi beacon frames to transmit location data, and received signal strength to suss out a position is groundbreaking and applicable to everything from spelunking to finding your car in a parking garage. Since the SubPos system isn’t tied to any specific hardware, this could even be implemented in commercial routers, giving any device with WiFi true location data, inside or out. It’s also one of the top ten finalists for the Hackaday Prize Best Product competition, and like the others, it’s the cream of the crop.
